From 42eb67d7b0ba62d1dfa7151c243da3a3cac73cbd Mon Sep 17 00:00:00 2001 From: Livio Amstutz Date: Tue, 14 Sep 2021 12:17:40 +0200 Subject: [PATCH] fix exactMatch --- pkg/client/rp/jwks.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/client/rp/jwks.go b/pkg/client/rp/jwks.go index 4db20b4..3cf8cfe 100644 --- a/pkg/client/rp/jwks.go +++ b/pkg/client/rp/jwks.go @@ -102,9 +102,9 @@ func (r *remoteKeySet) VerifySignature(ctx context.Context, jws *jose.JSONWebSig // //if there is only one possible, it tries to verify the signature and will return the payload if successful // -//it only returns an error if signature validation fails and if either: -// - both (JWT and JWK) kid match -// - or both are empty and skipRemoteCheck is set to true +//it only returns an error if signature validation fails and keys exactMatch which is if either: +// - both kid are empty and skipRemoteCheck is set to true +// - or both (JWT and JWK) kid are equal // //otherwise it will return no error (so remote keys will be loaded) func (r *remoteKeySet) verifySignatureCached(jws *jose.JSONWebSignature, keyID, alg string) ([]byte, error) {